Set-Up “Let’s Encrypt” for Hiawatha Web-Server

Google announced that starting with Chrome version 68 they will gradually mark HTTP-connections as “not secure”. “Let’s Encrypt” is a free service for web-masters to obtain certificates in an easy manner. Work on “Let’s Encrypt” started in 2014.

Setting up “Let’s Encrypt” with Hiawatha web-server is quite easy, although there are some pitfalls. I used the ArchLinux package for Hiawatha. There is also a ArchWiki page for Hiawatha.

Another detailed description is: Let’s Encrypt with Hiawatha by Chris Wadge.

1. Unpacking and production-server setting. After installing the ArchLinux package I unpacked the file /usr/share/hiawatha/letsencrypt.tar.gz. You have to edit letsencrypt.conf at three places:

ACCOUNT_EMAIL_ADDRESS = your@mail.address
HIAWATHA_CERT_DIR = {HIAWATHA_CONFIG_DIR}/tls
LE_CA_HOSTNAME = acme-v01.api.letsencrypt.org           # Production

I struggled with the last variable LE_CA_HOSTNAME. This has to be the productive “Let’s Encrypt” server. Although you might register with the testing-server, you apparently cannot do anything else with the testing-server. So delete the testing-server. The rest of the configuration file is obvious to change.

2. Configuration file. Now check your hiawatha.conf file:

Binding {
        Port = 443
        #TLScertFile = tls/hiawatha.pem
        TLScertFile = /etc/hiawatha/tls/www.eklausmeier.tk.pem
        Interface = 0.0.0.0
        MaxRequestSize = 2048
        TimeForRequest = 30
}
...
VirtualHost {
        Hostname = www.eklausmeier.tk, eklausmeier.tk, 192.168.178.24, klm.no-ip.org, klm.ddns.net, edh.no-ip.org, edh.ddns.net, klmport.no-ip.org, borussia
        ...
}

Continue reading

Advertisements

Towards web-based delta synchronization for cloud storage systems

Very interesting article.

Some remarkable excerpts:

To isolate performance issues to the JavaScript VM, the authors rebuilt the client side of WebRsync using the Chrome native client support and C++. It’s much faster.

Replacing MD5 with SipHash reduces computation complexity by almost 5x. As a fail-safe mechanism in case of hash collisions, WebRsync+ also uses a lightweight full content hash check. If this check fails then the sync will be re-started using MD5 chunk fingerprinting instead.

The client side of WebR2sync+ is 1700 lines of JavaScript. The server side is based on node.js (about 500 loc) and a set of C processing modules (a further 1000 loc).

the morning paper

Towards web-based delta synchronization for cloud storage systems Xiao et al., FAST’18

If you use Dropbox (or an equivalent service) to synchronise file between your Mac or PC and the cloud, then it uses an efficient delta-sync (rsync) protocol to only upload the parts of a file that have changed. If you use a web interface to synchronise the same files though, the entire file will be uploaded. This situation seems to hold across a wide range of popular services:

Given the universal presence of the web browser, why can’t we have efficient delta syncing for web clients? That’s the question Xiao et al. set out to investigate: they built an rsync implementation for the web, and found out it performed terribly. Having tried everything to improve the performance within the original rsync design parameters, then they resorted to a redesign which moved more of the heavy lifting back to…

View original post 728 more words

Youtube 500 Internal Server Error

As noted in Youtube 500 Internal Server Error today I again noted an “500 Internal Server Error”. Normally you would not expect these kind of errors from Google. It says:

Sorry, something went wrong.

A team of highly trained monkeys has been dispatched to deal with this situation.

If you see them, send them this information as text (screenshots frighten them):

    AB38WEP9RIHTGdxNtBfImnlMom5s3lkgT0Pd9IPM4PX12fXVCTkn-N6Q
    9PEISpvD8J4mcARci_19UlNwXlHCYj6Btis5y0TVjGmYExWNr4lVuCVn
    ab9uvgiYv0d5rKU1Hyj6qud2g03K1V8IIFElKtFnfpQhCKQHAa9mNMrP
    EZolrhQAczv8wxZG8-p9IhjEoLHKJNCg3dCvx5lPYvuVzRSA9q9cg7iZ
    WOzDew1HKMN6zpImEWdfu_uwUUZ2wWmye4dQzCdEpeQEzX0Kk1_QBKH6
    H-rZ1uQd0GNfTIQgzmiQRrr68J9-dYiWpFV0brnBAlh-Cizd8idlu8u-
    mtGnk2QrelOPwD9QMD2abezyCx46NS7oDZrjaoOI1rFzAq-4Ho5svCM1
    x2xyqwDP_ySBeZQmL2x5TRd-NfX9IsUWzs5Mn9RydrcM5IfrPV4YJnP7
    Dbdi0gV9cIwhIX6IYb9AtjlubRUNra9FLlxieTJZen2saWrVa5BMmNgo
    zEvY5P-mtx8QOLBKe6VuTsMmeEUwnG8gC5pwK07GCPaYY4V319xzNEc-
    p7XSwEB4q6t06IWoSKsZohXuwBUCKtBa7LdtwVssF27x-UlyWkVIssPA
    zYz27wsDAUgbMz2N4T7dsVnSk3bmmKeKBKUXcxug-z4_6VQyiD5nnq8l
    yUDwIl_3bG9SlaPAt7uNYSXt3xBDFRyaKiDDjvVCPJ-KCoJkx2QVoOX5
    KqyTk2GMvInQ4qC4WIRPUxHEAWYeDiaVcWgI0XVGYWPD3jqfLceyNRYK
    6uX0nzNpmayGZ19Il3F_n1L7irgeRxWPuCWB45x50MlzXxiQu73rS_WU
    uVH_rWtEnGZ098u5y9Am-Is3qTQlBir73vV60pNBsQFIMHrQ8koOvxqq
    TJu-nuwhmIRMoXR_OiFPwydmRRPfnoLYnXZvgH3YSZIO-YFwmxvUQ81Z
    Bh-ugV2MBXn_sLxiM6xi2DhXtqyjyQyF2FPcWyB9W1WW_JUiXd66fw-k
    xXJEuWQH46tPyKFY-UCu-3In4swHKkrdZ9zEb9a6rxpKSZ2y17vkN8VT
    OCIkPNNem3obqQ_fgNpdJ2k01JGDlIYn0a-EJ6K5NvADw7zUmItXoFdR
    sQ9u-qvDLQPDUOuOETH8S2sz0NVGiv9aFtbYWER7J93OC0SCdMiOLYcR
    5wS8FPffB2YIwGZqeyL13vaAG4vgFteykVhAmKgASqr3ASCZLuc9PLoT
    qjiuNTFrnlos6sLwRZFtMuQb8fYRZkFM9FxCraLbSFCemkuGqLcPTQuX
    RrAqXYyzsUmdV5o0BmFL2_yFoHtFv46oJ28cMOpDhMUsaMO6u7fVNQJp
    rFdD_p_VVsryqVihlrzmTdt39sSTOw02SOHBkJtTECGuenjihuUszbq8
    kP9OsjIR8pgVcr_IpmlsYjALUxhhp0VaXQm1HiQNjbJWEhg-lU-g3B7_
    tKIcUNbPbcyD8DXKFKA-1Wep56j0zP1AhUkGUAFtcfhgyWOArasb3Qwa
    KdEupsFiGa8yYhxTp3LA67UTn3RCpy_m3MylCxAkPVUqF24Sh01M4V6i
    ZMNAQqhtbTfwyjpVcMD6YCmkqR_jDM_6LsvN6mJKL7LIC58-_Won4In9
    poFsTW8jXxjztMvAgfWwgKbojSYdJdYF2lUmGYx9wnOkN-GfQHmRyHN4
    8mraL3jSaPPB0MgHukcxzVlW8wG9gO_O4de07Cc4JJU2izMY1Y1TjdfE
    lzo0WhRnfD1KmZUZteSPgP0ctykBdtjHghV62ufrQYx4PHXdwwvDwtvV
    6YgqsuVQ-_lbmgXKWPq0FKt5O_G1IIePVomIL6cExLc0_AApAx-M9j-d
    Hvrbcdl48kfH9NPc4VBREib2D0xrYLDizl7QEV8h7w

nginx: 413 Request Entity Too Large – File Upload Issue

I got above error message in nginx. Stackoverflow post 413 Request Entity Too Large – File Upload Issue had all information to resolve the issue. The solution was written by User Arun.

One has to edit /etc/nginx/nginx.conf and add in http{...}

client_max_body_size 15900M ;

and /etc/php/php.ini

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 15900M

; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 6900M

; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 25900M

Besides editing /etc/nginx/nginx.conf and /etc/php/php.ini I had to stop nginx and php-fpm:

systemctl stop nginx
systemctl stop php-fpm

so the changes take effect.

After starting the two services then check with phpinfo().

Suppressing Advertisement on Web-Pages a.k.a. Ad-Blocking

Advertisements on web-pages is ubiquitous. Without advertisement even this blog could not be offered free of charge. But advertisement can be a real nuisance with its blinking, flickering, moving, and distracting appearance. Sometimes they even contain malware.

There are two simple remedies for this problem:

  1. use an adblocker plug-in for your browser
  2. modify your /etc/hosts file

The first one is easy to accomplish, but sometimes web-pages no longer work as expected. The second approach is in some ways more direct and more brutal, and leaves visual clues on the web-pages that brute force has been applied.

Editing /etc/hosts on your Linux desktop is easy. On Android you connect via adb shell, switch to root user with su, then

mount -o remount,rw /system

i.e., remount the /system directory from read-only to write-enabled, then edit /etc/hosts. Either reboot your smartphone, or

mount -o remount,ro /system

I use the following list of hosts in my /etc/hosts, which has a somewhat German felling: Continue reading

Migrating from delicious.com to WordPress

I have been a loyal user of del.icio.us since 2006. I have written on this in my post Saving URLs in del.icio.us Still Troublesome. But now enough is enough. Here is a list of annoyances:

  1. You can neither export nor import your data anymore.
  2. The service is generally slow, i.e., it takes a lot of time to just load the site in your browser.
  3. The service is sometimes not available.
  4. You cannot change URLs without deleting the entire post.
  5. The company behind the service does not answer any inquires.
  6. The site is blocked by a number of company firewalls because it is marked as “social”.

Continue reading